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DETAILED ACTION 
Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this Office 
action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

2. Claims 1-7, and 11-18 are rejected under 35 U.S.C. 102(e) as being 
anticipated by McGauley (US 5,899,998). 

a. Referring to claim 1: 

i. McGauley teaches: 

(1) selecting, by the individual, a record server that is 
publicly accessible over a network [i.e., Figure 6, it is a new type of distributed 
database network system in which medical data items are automatically 
propagated from their sites of origin to several different memory storage sites, 
independently and selectively, such as, portable data carriers (PDC), medical 
point-of-service (POS) stations, and administrative services systems (column 2, 
line 30-37)]; 

(2) encrypting a confidential record of the individual [i.e., 
are encrypted to help protect the security of the system and to preserve the 
confidentiality of individual patient's medical information (column 6, line 46-48)]; 

(3) storing the encrypted confidential record on the 
selected record server [i.e., stored within their PDC, patients actually carry their 
medical data from one POS station to another (column 3, line 18-19)]; and 

(4) accessing the encrypted confidential record stored on 
the selected record server through a defined gateway system [i.e., the PDCs also 
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serve as one of the main communication links between POS stations, for 
example, when a patient visits their doctor, the patient's PDC is read/access by 
the doctor's POS station and this automatically transfer medical information 
between the PDC and the station, so that the more current data is propagated and 
stored in both places (column 3, line 17-19 and line 29-33)]. 

b. Referring to claim 2: 

i. McGauley further teaches: 

(1) the step of distributing an access token to a 
predetermined agent by the individual for use in accessing the stored confidential record 
over the network [i.e., the PDC is a microprocessor integrated circuit chip card, 
commonly known as a smart card, which servers as a data storage device on 
which patients carry a copy of their own medical record. In addition, the carries 
physician orders, such as medication prescriptions, laboratory or X-ray tests, 
referrals to consultant physicians, surgical procedures and the like. When a 
patient visits their doctor, the patient's PDC is read/access by the doctor's POS 
station (column 2, line 41-56 and column 3, line 28-29]. 

c. Referring to claim 3: 

i. McGauley further teaches: 

(1) the predetermined agent is a healthcare institution 
[i.e., the POS stations are computer systems positioned at locations where 
patients receive medical care, such as physician offices, pharmacies, 
laboratories, radiology units, hospitals, diagnostic and treatment centers, 
emergency treatment sites, and urgent care centers ( column 2, line 59-64)]. 

d. Referring to claim 4: 

i. McGauley further teaches: 

(1 ) the confidential record is a medical record [i.e., each 
PDC contains the medical record of an individual patient (column 1, line 15-16)]. 

e. Referring to claim 5: 

i. McGauley further teaches: 
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(1 ) the individual is a patient [i.e., an individual patient 

(column 1, line 16)]. 

f. Referring to claim 6: 

i . McGauley further teaches: 

(1) the predetermined agent is the patient who has 
privileges to read, modify, and annotate the medical record [i.e., Figure 6, the patient 
manager 123 contains major rule sets relating to data processing, such as routing 
update objects and modifying databases (column 12, line 58-60)]. 

g. Referring to claim 7: 

i. This claim has limitations that is similar to those of claim 6, 
thus it is rejected with the same rationale applied against claim 6 above. 

h. Referring to claim 11: 

i . McGauley further teaches: 

(1) the access token is a smart card [i.e., the PDC is a 
microprocessor integrated circuit chip card, commonly known as a smart card 
(column 2, line 41-43)]. 

i. Referring to claim 12: 

i. McGauley further teaches: 

(1 ) the step of accessing by the predetermined agent the 
encrypted confidential record on the record server from any node on the network 
capable of accepting the access token [i.e., this independent PDC-POS database 
design allows "patient specific" and "site specific" medical data to be present 
when and where it is needed, at every medical POS location (column 3, line 10- 
13)]. 

j. Referring to claim 13: 

i. McGauley further teaches: 

(1) the step of maintaining anonymity of the individual 
when the predetermined agent accesses the encrypted confidential record of the 
individual [i.e., It may not be necessary for the pharmacy POS station to have 
access to all of the medical information on the PDC. Indeed, some of the 
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information may be confidential or unnecessary to filling the prescription. The 
internally stored rule sets in the pharmacy POS station govern what information 
can be obtained from the PDC and what information is excluded (column 3, line 
43-47)]. 

k. Referring to claim 14: 

i . McGauley further teaches: 

(1) the step of determining by the individual each portion 
of the confidential record that is accessible to the predetermined agent [i.e., each 
patient's medical file is kept current at numerous independent databases by 
routing medical data through the system via update objects that interact with 
strategically placed rule sets. The general rules for processing update objects 
are located within each POS station, in the switching station, and in the 
administrative services system. The rules are shown in Figures 7 and 8 (column 
15, line 23-32)]. 1 
I. Referring to claim 15: 

i . McGauley further teaches: 

(1 ) the gateway system and the record server selected by 
the individual are the same node on the network [i.e., Figure 6, a distributed database 
network architecture, in which a plurality of PDCs and POS stations interact to 
maintain the currency of the medical records of a plurality of patients. In addition 
to serving as one of the database repositories in this network, each PDC also 
serves as a communication link between the POS stations (column 1, line 12-15 
and line 24-26)]. 

m. Referring to claim 16: 

i. McGauley further teaches: 

(1) the step of defining a schema for representing the 
confidential record using a markup language [i.e., Figure 6, the database conversion 
system 153 translates the information from the object-oriented structure to a 
relational database structure, which allows the invention to interact easily and 
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efficiently via widely used standard protocols and query languages (column 14, 
line 62-64 and column 15, line 5-7)]. 

n. Referring to claim 17: 

i. McGauley teaches: 

(1) digital information representing a confidential record 
of the individual [i.e., the computerized medical records where each PDC contains 
the medical record of an individual patient (column 1, line 10-15)]; 

(2) a publicly accessible server system connected to the 
network and selected by the individual for storing the confidential record [i.e., Figure 6, 
the portable data carriers (PDC) (column 2, line 34)]; and 

(3) a gateway system, in communication with the server 
system, comprising software for accessing the confidential record of the individual [i.e., 
Figure 6, the medical point-of-service (POS) stations are computer system 
positioned at locations where patients receive medical care (column 1, line 59- 
60)]. 

o. Referring to claim 18: 

i. This claim has limitations that is similar to those of claim 2, 
thus it is rejected with the same rationale applied against claim 2 above. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 9,10, 19, and 20 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over McGauley, and further in view of Ho (US 6, 148, 342). 

a. Referring to claims 9. 10.19. and 20: 

i. McGauley teaches the claimed subject matter except for: 
(1 ) the access token is a private cryptographic key. 
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(2) the access token is a biometric of the predetermined 
individual that is measurable by a biometric hardware device. 

ii. However Ho teaches: 

(1) the use of public and private key cryptography, 
identifier is encrypted using a public key of an identifier database. The identifier 
package may also include the public key of the source terminal as shown in Figure 1. 
Furthermore, the entire data packet is signed in block 212 (as shown in Figure 2A 
where such encryption may be done with a private key of the source terminal (column 
5, line 59-64 and column 6 line 5-8). 

(2) source terminal 104 (as shown in Figure 1) identifies 
or collects information to identify the user, typically by obtaining passwords, handprints, 
fingerprints, retinal scans, or other appropriate identification mechanism (column 2, line 
46-49). 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) include these kinds of identification information (such 
as Figure 6 of McGauley) for protecting confidential information as well as preventing 
insiders with high levels of computer access from accessing sensitive data (column 1, 
line 11-13 of Ho). 

vi. The ordinary skilled person would have been motivated to: 
(1) add these kinds of identification information (such as 
Figure 6 of McGauley) for protecting sensitive data because as data on the computer 
becomes increasingly sensitive and valuable, the system administrator or other "trusted 
insider" increasingly has incentives to defeat the protection mechanisms of the system 
and sell the confidential data (column 1, line 33-37 of Ho). 

5. Claim 8 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
McGauley, and further in view of Melrose (US 6, 272, 468). 
a. Referring to claim 8: 

i. McGauley further teaches: 
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(1 ) the step of associating a class of agents with a 
set of privileges for accessing the confidential record, wherein the predetermined agent 
is a member of the class [i.e., Figure 6, the POS database 122 is object-oriented. It 
is flexible in size. It stores and retrieves data according to key identifiers (column 
12, line 48-50). The POS stations are computer systems positioned at locations 
where patients receive medical care, such as physician offices, pharmacies, 
laboratories, radiology units, hospitals, diagnostic and treatment centers, 
emergency treatment sites, and urgent care centers ( column 2, line 59-64)]. 

ii. However, McGauley does not explicitly mention the use of a 
class of agents or an agent is a member of the class, Melrose, on the other hand, 
teaches: 

(1) Figure A2 shows the ChartSystem Package, 
medicalRecord Class (column 5, lines 57-60). 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) have applied Melrose's teaching into McGGauley's 
system since a third category of medical computer systems is called the "electronic 
medical record" (EMR) or "computer-based patient record" (CPR)-the principal focus of 
attention during the past two decades, primarily through the efforts of the Computer- 
based Patient Record Institute (CPRI). Systems in this category address the issues of 
medical record content, utility and confidentiality in an effort to define, design and 
develop a computer-based "chart", the common practice name for the paper-based 
medical record as defined above (column 2, lines 13-22 of Melrose). 

vi. The ordinary skilled person would have been motivated to: 

(1) have applied Melrose's teaching into McGGauley's 
system because the principal purpose of the computer-based chart is to make patient- 
specific information available to clinicians when and where it is needed in order to 
facilitate more efficient, effective and (therefore) economical pathology diagnosis and 
treatment, and ongoing patient care including clinical monitoring (column 2, lines 22-27 
of Melrose). 
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Conclusion 

6. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. Ballantyne et al (US 5, 867, 821 ) discloses a method and apparatus 
for distribution and administration of medical services, entertainment services, electronic 
health records, and education information useful in hospitals, other types of health care 
facilities, and patient's homes (column 1, line 12-16). 

b. Conner et al (US 5, 579, 393) discloses a system for secure 
medical and dental record interchange comprises a provider system and a payer 
system. The provider system includes a digital imager, a processing unit, a data 
transmission/reception device, and a memory having a provider management unit and a 
security unit (see abstract). 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Thanhnga (Tanya) Truong 
whose telephone number is 571-272-3858. 

If attempts to reach the examiner by telephone are unsuccessful, 
the examiner's supervisor, Kim Vu can be reached at 571-272-3859. The fax and 
phone numbers for the organization where this application or proceeding is assigned is 
703-872-9306. 

Any inquiry of a general nature or relating to the status of this 
application or proceeding should be directed to the receptionist whose telephone 



number is 571-272-2100. 
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